Privacy Policy

Our Commitment

Garness Jones (Commercial) Limited is committed to protecting your privacy and maintaining the security of any personal information received from you.

We strictly adhere to the requirements of the Data Protection Act and other related legislation in the UK. The purpose of this statement is to explain to you what personal information we collect and how we may use it.

The information we collect

This notice applies to all information collected or submitted on this website. When you Request information or services from us, we will ask you for the following personal or company information:

• Name
• Address
• Email address
• Phone number

We Do NOT Collect or store

• Credit/Debit Card Information
• Any sensitive personal information

How we store it

To prevent unauthorised access, maintain data accuracy, and ensure the correct use of your information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

All information is held in a secure manner on security-tested systems and storage in the United Kingdom.

How We Use Information

We use the information you provide to fulfil your requests, manage your services and to allow us to monitor and improve our services to you. We may also look for your details online to identify if we may be able to help you in the future. We do not share this information with any third-parties and we will only contact you with your consent.

We never use personally identifiable information provided to us in ways unrelated to those described above without also providing you an opportunity to opt-out or otherwise prohibit such unrelated uses.

We do not collect sensitive information about you and we recommend you do not provide it to us.

Credit Reference and Affordability Checks

To help us assess applications, prevent fraud, and meet our legal and regulatory obligations, we may obtain information about you from credit reference agencies (CRAs).

We obtain this information via Creditsafe, which uses its data partner TransUnion to supply consumer credit and identity data.

• Creditsafe Business Solutions Limited is authorised and regulated by the Financial Conduct Authority
  FCA Firm Reference Number: 742313
• TransUnion International UK Limited is authorised and regulated by the Financial Conduct Authority
  FCA Firm Reference Number: 805757

The information we receive may include data relating to your identity, credit commitments, payment history, and public record information. This data is used solely for legitimate business purposes, including creditworthiness assessment, identity verification, and fraud prevention, in accordance with applicable data protection laws.

Further information about how Creditsafe and TransUnion process your personal data can be found in their respective privacy notices:

• Creditsafe Privacy / Transparency Notice: https://www.creditsafe.com/gb/en/legal/transparency-notice-customer-supplier.html
• TransUnion CRAIN (Credit Reference Agency Information Notice): https://www.transunion.co.uk/legal/privacy-centre/pc-credit-reference
• TransUnion Bureau Privacy Notice: https://www.transunion.co.uk/legal/privacy-centre/pc-bureau

Legal Basis for Processing Personal Data

Personal data is processed in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Depending on the activity, we rely on the following lawful bases:

• Performance of a contract – where processing is necessary to deliver services or meet contractual obligations, including obligations involving TransUnion.
• Legal obligation – where processing is required to comply with applicable laws, regulatory requirements, or statutory obligations.
• Legitimate interests – where processing is necessary for legitimate business purposes such as system security, fraud prevention, risk management, audit, and compliance, and where such interests do not override the rights and freedoms of individuals.
• Consent – where required by law, and where individuals have been provided with a clear choice and the ability to withdraw consent at any time.

Where legitimate interests are relied upon, appropriate assessments are conducted to ensure that the rights and freedoms of data subjects are protected.

The legitimate interests pursued by the controller

Our legitimate interests include operating our business, fulfilling contractual obligations, ensuring system and data security, preventing fraud, supporting audit and compliance activities, and protecting TransUnion data. These interests are balanced against the rights and freedoms of individuals, with appropriate safeguards in place.

The source of personal data

We may collect personal data about you from:

• you directly
• employers/clients when you apply for a role or are considered for an opportunity.
• referees (where relevant and permitted)
• publicly available sources (for example professional networking sites, business websites, and public records)
• credit reference agencies (CRAs) where required for consumer credit, identity, or affordability checks.
• third party service providers used to support recruitment, screening, and compliance processes.

Details of any international data transfers outside the UK/EU and the safeguards in place

We may transfer personal data to recipients or service providers located outside the UK and/or European Economic Area (EEA).

Where such transfers take place, we ensure appropriate safeguards are in place to protect personal data in accordance with applicable data protection laws. These safeguards may include the use of approved standard contractual clauses, international data transfer agreements, or transfers to countries that have been recognised as providing an adequate level of data protection.

The data retention period (how long data will be kept).

We keep personal data only for as long as necessary for its purpose and to meet legal or regulatory obligations. Data used for credit reference or affordability checks is retained only for as long as required and then securely deleted.

The right to lodge a complaint with the Information Commissioner’s Office (ICO) or another supervisory authority.

You have the right to complain to the UK Information Commissioner’s Office (ICO) or another relevant data protection authority if you are dissatisfied with how we manage your personal data.

Provision of Personal Data

Is the provision of personal data statutory or contractual?

The provision of certain personal data is primarily contractual and, in some circumstances, required to meet legal and regulatory obligations.

Personal data is required to:

• enter into and perform contracts with customers, suppliers, or business partners.
• process orders, manage accounts, and deliver goods and services.
• verify identity and prevent fraud; and
• comply with applicable legal, regulatory, accounting, and tax obligations.

What are the consequences of not providing personal data?

If you choose not to provide the personal data, we request:

• we may be unable to enter into a contract with you.
• we may be unable to fulfil orders, supply goods, or provide services.
• we may be unable to conduct necessary verification, compliance, or fraud prevention checks; and
• as a result, our services may be delayed, restricted, or declined.

Where personal data is requested for optional purposes, such as marketing communications, providing this data is not mandatory, and you may withdraw your consent at any time without affecting your ability to receive goods or services from us.

Automated or Non automated decision making

Non-Automated Decision Making and Profiling

We may use automated systems and tools to support certain business processes, such as risk assessment, fraud prevention, affordability checks, identity verification, or record management.

These tools may analyse personal data using predefined criteria or rules to generate indicators, scores, or recommendations. However, we do not make decisions that have a legal or similarly significant effect on individuals based solely on automated processing. Any such decisions are subject to meaningful human review.

The use of these tools may influence the speed or level of review applied to an application or request, but individuals will not be subject to automatic rejection or adverse decisions without human involvement.

Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. Your interaction with this website is collected using cookies by Google as part of Google Analytics and is protected under their standard privacy policy here.

For further information visit www.aboutcookies.org or www.allaboutcookies.org.

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However in a few cases some of our website features may not function as a result.

How To Access Or Correct Your Information

If you would like to have access to your information, to alter it or remove it, or exercise any other legal right under the UK Data Protection Act, please write to

Garness Jones (Commercial) Limited
Riverside House,
11-12 Nelson Street, Hull, HU1 1XE,
info@garnessjones.co.uk
Company registration number: 13088669
ICO registration number: ZB230514

Once we have verified your identity and eligibility to access the information you request, we will happily answer your request within 30 days at no charge to yourself.

This Privacy Policy was last reviewed January 2025